03-26-2015, 10:41 AM
Hello, I am trying to crack a password which is from a HTTP Authorization header.
I don't know anything about the password and I don't have the hash value of the password, but I have the username, realm, method, uri and the nonce.
In order to generate a HTTP client's response, it requires:
Hash 1 = username:realm:password;
Hash 2 = method:uri;
Response = Hash 1:nonce:Hash 2;
How to crack the password by reading a word list and generate a MD5 Hash value for each of the word, and then combine with the username and realm to generate a new Hash(Hash_1), so we can combine it (Hash 2 and nonce) together and generate a response, and then compare it with the given response to check whether they are they same ?
Thank you...and sorry for my bad English.
I don't know anything about the password and I don't have the hash value of the password, but I have the username, realm, method, uri and the nonce.
In order to generate a HTTP client's response, it requires:
Hash 1 = username:realm:password;
Hash 2 = method:uri;
Response = Hash 1:nonce:Hash 2;
How to crack the password by reading a word list and generate a MD5 Hash value for each of the word, and then combine with the username and realm to generate a new Hash(Hash_1), so we can combine it (Hash 2 and nonce) together and generate a response, and then compare it with the given response to check whether they are they same ?
Thank you...and sorry for my bad English.